Cybersecurity

Cybersecurity
Scattered Spider TfL Hackers Sentenced to Five and a Half Years
UK authorities sentenced two Scattered Spider members to five-and-a-half years each for the 2024 Transport for London attack, the UK's largest cybercrime case.
Cybersecurity
ClickLock macOS Stealer Uses App-Kill Loop to Coerce Passwords
Group-IB documented ClickLock, a macOS stealer using a 210ms app-kill loop to coerce macOS passwords, hitting more than 100 victims across 33 countries.
Cybersecurity
Elastic Exposes TELEPUZ: C Malware Sold as MaaS via ClickFix Chain
Elastic Security Labs disclosed TELEPUZ, a C-based malware distributed through a ClickFix-to-Vidar chain with VirusTotal volumes indicating a MaaS operation.
Cybersecurity
Russian Threat Actor Uses Gemini CLI to Run Dental Clinic Botnet
Trend Micro documented Russian actor 'bandcampro' using Gemini CLI as a hacking assistant in a dental clinic botnet attack on an OpenDental patient database.
Cybersecurity
DragonForce Posts Eighteen Victims Across Eight Countries in 48 Hours
DragonForce posted eighteen victims across eight countries in 48 hours, including a US defense subcontractor, four law firms, and chemical manufacturers.
Cybersecurity
Coca-Cola Files SEC 8-K After Ransomware Hits Fairlife Dairy
Coca-Cola filed an SEC Form 8-K disclosing a ransomware attack on Fairlife dairy that suspended all U.S. production. No group has yet claimed the attack.
Application Security
CISA Adds SharePoint CVE-2026-58644 to KEV After Zero-Day Confirmed
CISA added SharePoint CVE-2026-58644, a CVSS 9.8 deserialization flaw, to KEV after Microsoft confirmed zero-day exploitation. Federal deadline is July 19.
CVE Vulnerability Alerts
CISA Issues Sunday Patch Deadline for Fortinet FortiSandbox RCE Flaws
CISA added CVE-2026-25089 and CVE-2026-39808 in Fortinet FortiSandbox to KEV, ordering FCEB agencies to patch by July 19 amid confirmed active exploitation.
Cybersecurity
23andMe Pays $18M to 43 State AGs Over Genetic Data Breach
Coalition of 43 state AGs reaches $18M settlement with 23andMe successor Chrome Holding Co. over its genetic data breach; total penalties exceed $50 million.
Cybersecurity
Italy Fines WINDTRE €1.7M for Breaches Exposing 365K Customers
Italy's Garante fined telecom operator WINDTRE €1.7 million for two 2024 data breaches in which social engineering attacks exposed data on 365,000 customers.